iOS 4.1 security flaw allows calls to be made on passcode locked iPhone

It looks as if there's yet another Phone.app security hole, this time in iOS 4.1, that allows someone to get around the passcode lock on an iPhone, gain access to the owner's contact list, make calls and send emails to anyone in that contact list. From MacStories:

"To reproduce the bug, make sure to have a passcode lock turned on and lock your device. In the lockscreen, tap on Emergency Call in the lower left corner. Now type a non-existent emergency number, I tried #946494. Start the call, and as soon as the red button appear hit the sleep button. You’ll be brought to the contact list."

The issue will most likely get patched by Apple in the 4.2 update coming later this month, but it's not the first time the emergency call screen has been exploited. Both iOS 2.1 and iOS 2.0.2 suffered from passcode lock bugs. Hopefully Apple pays extra attention and really secures Phone.app this time.

We were able to recreate the issue in the video above. Any readers out there seeing the same results? Let us know your thoughts on this in the comments below!

I got it to work too, though it took a few tries to get the sleep button pressed at just the right time. Also, once into the phone app, I couldn't get out without rebooting my phone (non-jailbroken 3G running iOS 4.1). Scary stuff!

The good thing is that it seems that Apple took care of securing the system, since we're not able to ever leave the app (home button doesn't work and SMS, Maps and even Mail don't start).
A Brazilian blog confirmed that this was already fixed on 4.2, we just need to wait 'til November, which is just around the corner.

Recreated on iPhone 4, 4.1 JB w/ limera1n. Once I got to the phone app I also could not get out without rebooting. Unless you complete a call, then it will send you back to your lock screen. No access to anything except phone app. Will dial out but would not let me FaceTime.

Just recreated it, not kidding, complete access to contacts list, recent calls and voicemails!
At first I thought I was stuck in phone screen without rebooting, but a double tap took me back to the enter passcode screen.

Since 911 is the only real emergency number in the states, seems like anything else dialed would auto lock the phone. After so many tries, auto erase all info. Should be easy to fix. Was this found by accident, or what?